Authentication and authorization mechanisms for Fortezza passwords

摘要

A method and apparatus that provide network access control are disclosed. In one embodiment, a network access control apparatus is configured to receive and authenticate a password that uses the “Fortezza” cryptographic protocol, and to receive and authenticate passwords of other types, to thereby selectively permit a client associated with the Fortezza password to access a protected network. A Fortezza card reader is coupled to the client and associated with a Fortezza card that contains the Fortezza password. A network access server is logically coupled to the client. An access control server is coupled logically between the client and the protected network and that controls access of the client to the protected network. A Fortezza authentication server is coupled to the access control server for communication therewith. A database is coupled to the access control server and that contains profile information associated with the user. The access control server receives, from the client, user access information associated with a particular user of the client; determining, based on the user access information and a database, a type of a password associated with the user; when the password type is FORTEZZA, requesting authentication of the password from a Fortezza server; granting the client access to the network when the Fortezza server approves the password; and when the password type is any type other than FORTEZZA, requesting authentication of the password from an authentication process that is associated with that password type.